NCSC shields UK from more than 600 attacks

News by Rene Millman

A new NCSC report discloses over 600 attacks, many made by hostile nation states, that it has defended the UK against

More than 600 cybersecurity attacks have been stopped by the National Cyber Security Centre (NCSC) in the UK over the last year, many of them from hostile nation states.
According to the NCSC’s third Annual Review report, published recently, it handled 658 incidents in the last 12 months, with support provided to almost 900 victim organisations.
Since the NCSC was established in 2016, it has dealt with almost 1,800 incidents targeting the UK. The report said that the top five sectors supported by NCSC Incident Management were: government, academia, information technology, managed service providers, and transport and health (joint fifth).
The organisation said that Russia, China, Iran and North Korea were the most active threat actors targeting the UK with hacking attacks. Last year, the NCSC exposed a campaign by the GRU, the Russian military intelligence service, that it said was a series of "indiscriminate and reckless cyber-attacks targeting political institutions, businesses, media and sport".
NCSC CEO Ciaran Martin said in the report’s foreword that "large-scale global cyber-crime" was a threat to "our social fabric, our way of life and our economic prosperity", despite often being "low in sophistication".
"That is why so much of the NCSC’s efforts are geared towards raising our defences against all threats in cyber-space. There are many operational successes in this field – particularly our pioneering Active Cyber Defence work," he added.
Among the successes the NCSC touted in its report was "Operation Haulster", which automatically flagged fraudulent intentions against more than one million stolen credit cards, as a result protecting hundreds of thousands of people from financial loss.
It has also developed a machine to improve the efficiency of information sharing around threats to the UK – speeding up the process from a matter of hours to just seconds.
It has also continued with its Active Cyber Defence (ACD) Programme. According to the report, the ACD Takedown Service has taken down 98 percent of phishing URLs discovered to be malicious, a total of 177,335 phishing URLs. Of those, 62.4 percent were removed in the first hour.
Martin said that there is also the risk that advanced cyber-attack techniques could find their way into the hands of new actors, through proliferation of such tools on the open market. 
"Cyber-security has moved away from the exclusive prevail of security and intelligence agencies towards one that needs the involvement of all of government, and indeed all of society," he added.
Javvad Malik, security awareness advocate at KnowBe4, told SC Media UK that state-sponsored attackers and cyber-criminals are continually trying to find new and innovative ways to not just infiltrate companies, but also cover their tracks, or hide their identities by assuming the identities of other criminals or nation states.
"While it may not be possible to defend against all attacks all the time, particularly state-sponsored ones, companies should use their own, and external threat intelligence to zero in on where the actual threats relevant to their industry are coming from, what the root causes of infection are, and deploy appropriate controls to best protect against those attacks," he said.
Ilia Kolochenko, founder and CEO of web security company ImmuniWeb, told SC Media UK that security awareness and education should remain a vital part of a national cybersecurity strategy.
"Given the rapid proliferation of technology into our daily lives with IoT and mobile technologies, everyone is a potential victim. Most of the attacks targeting UK consumers and businesses leverage some trickery and can be effectively prevented by non-technical means," he said.
He adds a note of caution regarding attack attribution, suggesting prudence in relation to geography, "...especially when we are talking about APTs and otherwise sophisticated attacks. For example, it is not that infrequent to see cyber-criminals purposely taking control of law enforcement IT infrastructure and using it as an exit point when carrying out intrusions. Political tensions and the complexities of international criminal law exacerbate an already overly complicated incident forensics process, often making breaches technically uninvestigable. Thus, reliable attack attribution remains a highly complicated challenge today."
